Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 ...

Microsoft has released out-of-band optional updates to fix a known issue that causes Kerberos authentication problems on enterprise domain controllers after installing security updates released ...

A bypass bug present in the Kerberos cryptographic authentication protocol for 21 years has now been fixed in patches from Microsoft, Samba, Fedora, FreeBSD, and Debian. The discoverers of the ancient ...

Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of ...

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...

Microsoft's out-of-band update yesterday fixes a profoundly serious bug: Any user logged into the domain can elevate their own privilege to any other, up to and including Domain Administrator. When I ...

Do you think Microsoft’s Kerberos implementation follows the Kerberos standard? Add your comments and questions to the online Kerberos discussion. In Greek mythology , Kerberos is the three-headed ...

Several readers responded to my previous post on pass-the-hash attacks, asking if Kerberos authentication versus LANManager, NTLM, or NTLMv2 was an effective defense. It’s a good question, one that I ...

Microsoft has released a total of 49 new patches marking the first Patch Tuesday event of 2024, addressing a variety of vulnerabilities across its product estate, among them two critical bugs ...

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. Authentication is the front gate to security systems, so if ...